NMS-8093: Never create sessions in REST-APIs
This avoids creation of sessions, and thus setting a session cockie,
when using the REST APIs using basic authentication. It still uses the
session for authentication if one already exists.